THE article discusses recent developments in a cyber threat involving the INC Ransomware, which has been detected actively exploiting APAC manufacturing sectors and Japanese food companies. The malware employs a sophisticated toolkit designed for various CPU architectures, specifically targeting mainframe systems such as IBM POWER and SPARC64. The threat landscape arose after researchers found exposed staging servers linked to the ransomware operation, revealing a significant number of victims.
The initial attack vector remains unclear, but the attackers utilize Windows Group Policy Objects for distribution. The infection process involves extensive enumeration and data exfiltration tactics that prioritize sensitive information, including Active Directory DPAPI backup master keys. The report stresses the need for enhanced monitoring and security measures, particularly regarding internal network traffic and legacy hardware.